Bamboo permissions are not correctly added when a task is created via Mibex Plan DSL plugin task

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

  

Platform Notice: Data Center - This article applies to Atlassian products on the Data Center platform.

Note that this knowledge base article was created for the Data Center version of the product. Data Center knowledge base articles for non-Data Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible

Summary

An Access denied error was thrown while editing the Bamboo Deployment environment when the Deployment project had a Mibex Plan DSL plugin task to create permissions. Even though you give EDIT permission on the script for the Deployment environment, it is not created with the necessary permissions to allow someone to edit the configuration. This is why you see the edit pen button, but when you visit the environment, it throws the "Access Denied". Also, that is the reason when you remove and re-add the group permission, it starts working as you are using Bamboo's native edit environment pages to do it, so it adds the permissions correctly.

Environment

Found with Bamboo 8.0.4 and  Mibex Plan DSL plugin  1.10.2 

Diagnosis

You will get an "Access Denied" error when you visit the Bamboo Deployment environment edit page even though you have edit permission.

Cause


To edit a deployment environment in Bamboo would need  VIEW_CONFIGURATION and WRITE permissions in the backend. But when you create a Deployment Environment via plugin, it only adds the WRITE permission in the backend database and misses the VIEW_CONFIGURATION permission.

Solution

Option 1: Remove and re-add the environment permission

  1. Go to the impacted deployment environment as an admin user
  2. Remove the existing permissions and groups
  3. Re-add the group and permissions 

Option 2: Update the permission using Bamboo API

You use the Bamboo API to add the correct permission to the environment.

  1. Find the environment_id of the Deployment Environment that is not working,
    It can be found in the view environment URL 
    1. For example, in this URL  http://mybamboo.com:8085/bamboo/deploy/viewEnvironment.action?id=3276814, 3276814 is the environment_id
  2. Call the REST API as an admin by replacing the <ADMIN_USER>,<PASSWORD>,<BAMBOO_URL>, <ENVIRONMENT_ID>,<GROUP_NAME>
curl -X PUT -H'Content-Type: application/json' -u <ADMIN_USER>:<PASSWORD> '<BAMBOO_URL>/rest/api/latest/permissions/environment/<environment_id>/groups/<group_name>' -d '"READ","WRITE"'

Last modified on Aug 29, 2022

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.